Travers Smith

Aug 5, 2021 | Case Studies

UK Law Firm Extends Technological Leadership with Anti-Phishing Initiative

The Business

Travers Smith is one of the oldest U.K. law firms, founded in 1810. Headquartered in the City of London, it has an additional office in Paris. The award-winning firm prides itself on its client-focused approach and aims to deliver an exceptional experience wherever its clients need it to be. Communication by email is a critical component of that experience. Email is also the biggest attack vector for malicious actors in general. Fake email that appears to come from traverssmith.com but is really from an imposter would not align with the firm’s devotion to exceptional client experience. The company knew it could address this through existing standards, and therefore prioritized email authentication with SPF, DKIM, and DMARC.

“Implementing DMARC and getting to enforcement was a piece in the email security jigsaw puzzle that was missing and one we needed to find.”

The Challenge

The National Cyber Security Centre has provided recommendations to U.K. businesses on email security and anti-spoofing best practices, including an update in 2018 that recommended all domains should use DMARC. In the legal services sector, allocation of resources to cybersecurity has been increasing in recent years, but teams still typically have to make the most of their constrained budgets. Darragh Macken is responsible for information security at Travers Smith and has held positions in information technology and security for more than a decade. Email security was top of mind for Darragh as he set out his priorities for the team. With phishing attacks and spoofing increasing, he knew they needed to prioritize email authentication to protect the firm’s brand and protect its clients, employees, and business partners from malicious actors using the traverssmith.com domain for nefarious purposes.

Darragh was looking for a solution that would:

provide full visibility to uncover any “shadow IT”
not require a lot of resources
be cost-effective and align with his budget
be compliant with relevant regulations, particularly GDPR

With the support of management, Darragh set out to research the solutions available to help him. Having a long-standing partnership with local managed services partner, Gradian, Darragh sought its recommendation, as well as those of peers in the industry. With a shortlist of solutions in hand, the evaluation began.

The Solution

Travers Smith chose Valimail for its compliance with GDPR, complete visibility, automation, intuitive dashboard, and guarantee of getting to enforcement. The fully automated solution from Valimail outperformed competitors technically. Along with the managed services from Gradian, it was clear this solution would optimize Travers Smith’s resources. The company began the onboarding process with Gradian and achieved enforcement (p=reject) within about 90 days.

“It’s important when evaluating solutions to look at value add along with the cost. There is a clear price for the solution, and you must also consider the resource cost for a team member to manage the solution,” advises Darragh. “For us, it was clear that Valimail and Gradian would get the job done and give us the confidence to move to reject within 90 days — both providing a solution and enabling us to focus on the rest of our security program.”

“I would recommend the Valimail solution to my peers — no hesitation.”

The Result

Along with protecting its brand and domain from impersonation, Travers Smith is now a leader among the top 100 U.K. law firms in implementing DMARC at enforcement. Travers Smith clients, employees, and business partners can now trust that any email messages they receive from the domain traverssmith.com are legitimate, not fake. With the Valimail platform and the services provided by Gradian, Darragh is confident that the solution is doing what it is supposed to do. Meanwhile, he can continue to innovate in other ways to keep the business secure.

Challenge

U.K. law firm Travers Smith was eager to implement DMARC for email authentication. It was looking for a solution it could trust to get its domain to enforcement and keep it there, without additional burden on the information security team.

Solution

Working with its local partner, Gradian, Travers Smith selected Valimail Enforce for its data privacy, automation, and cost-efficiency.

Results

Travers Smith reached DMARC enforcement within 90 days and is now protecting its clients, employees, and partners from fake email — while gaining greater visibility into the firm’s email ecosystem.

Download PDF

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.